BSD Commit Log Search

nextvi: import of 5.3

   micropython: Work around old NetBSD releases not having PTHREAD_STACK_MIN.

   souffle: This needs support for the C++17 filesystem API.

   The netbsd-9 system compiler has support for C++17 but lacks the file
   system API, and is still technically supported.

   igraph: This needs the workaround for broken C++ headers in old NetBSD.

   vifm: Require curses library to expose mouse functions.

   Should help unbreak the build on netbsd-9, which is still
   technically supported.

   ted: Handle the case where GNU libiconv gets pulled in.

   libowfat: Avoid implicit declaration of alloca(3) on SunOS.

   Should help the GCC 14 builds.

   babl: Avoid implicit declaration of alloca(3) on SunOS.

   Should help the GCC 14 builds.

   yara: SunOS wants __EXTENSIONS__ for getline(3).

   libdockapp: SunOS wants __EXTENSIONS__ for getline(3).

   doc: Updated devel/R-purrr to 1.2.2

   (devel/R-purrr) Updated 1.0.4 to 1.2.2, fix build against R-4.6.0

   # purrr 1.2.2

   * Fixes for CRAN checks (@ErdaradunGaztea, #1256).

   # purrr 1.2.1

   * Tweaks for compatibility with upcoming vctrs 0.7.0.

   # purrr 1.2.0

   ## Breaking changes

   * All functions and arguments deprecated in purrr 0.3.0 have now been
     removed. This includes `%@%`, `accumulate_right()`, `at_depth()`,
     `cross_d()`, `cross_n()`, `reduce2_right()`, and `reduce_right()`.

   * All functions that were soft-deprecated in purrr 1.0.0 are now fully

    [48 lines not shown]

   eb: Improve portability of iconv handling.

   Older NetBSD and SunOS have the traditional iconv prototype with a const
   char * argument, while other operating systems are using a char *
   argument due to historical accidents in the POSIX standard.

   Newer C compiler versions (e.g. GCC 14) have strict enforcement of
   pointer type compatibility. Thus a const char * cannot be converted
   easily back into a non-const char *. So we need to match the prototype
   of the iconv function carefully.

   libcrack: Fix various build problems with GCC 14 and GCC 15.

   Unfortunately, libcrack relied on quite a lot of implicit
   declarations of internal functions.

   It makes use of syntax that predates standardized C, so force
   an older standard version as insurance against future C compilers
   getting stricter.

sftpgo: update to 2.7.3

New features
    Added a configurable minimum-entropy check (common.secret_min_entropy, default 80) for data-at-rest encryption secrets (CryptFs passphrase, S3 SSE-C key), to reject trivially weak key material at submission time.
    Logs: added the virtual path to transfer/command logs and to event-log CSV exports.
    WebClient: replaced glightbox with a custom lightbox implementation for better CSP compatibility.

Bug fixes
    IP list: fixed matching when an IP is covered by multiple conflicting entries.
    Fixed comparison of unordered slices.
    Shares: enforce max_tokens atomically via a guarded conditional update, closing a check-then-write race that could let a usage-capped share be used more times than allowed under concurrent access.
    In-memory reset-code manager: check code expiry at retrieval time instead of relying only on the background cleanup.

Security fixes
    Fixed a path-confinement bypass in the public browsable-share partial ZIP download. CVE-2026-49244.
    Fixed a stored XSS where the inline parameter on browsable-share and authenticated user file downloads suppressed Content-Disposition: attachment, allowing an attacker-supplied HTML file to execute in SFTPGo's web origin. These endpoints now always respond with Content-Disposition: attachment and the inline parameter has been removed. CVE-2026-49245.

Hardening
    Neutralized CSV formula injection in the Event Manager and event-log CSV exports: cells starting with =, +, -, @, tab or CR are now prefixed with a single quote.

    [6 lines not shown]

   www/php-nextcloud: Update to 32.0.11

   Upstream NEWS: micro update (nextcloud has a solid track record of
   micro release actually being micro).

   Tested on NetBSD 10 amd64: web UI, CalDAV, CardDAV, and CalDAV push
   via UP to Adnroid DAVx5.

   jimtcl: bump BUILDLINK_API_DEPENDS to 0.83nb1.

   The current devel/openocd (0.12.0) fails to compile with jimtcl < 0.83,
   but since the BUILDLINK_API_DEPENDS was 0.80nb1, you would not notice
   the failure unless you had an older version of jimtcl already installed.

   So, jimtcl is now 0.83nb1, BUILDLINK_API_DEPENDS set to match, and openocd
   bumped to 0.12.0nb1 to force the correct dependency to be recorded.

Minor Makefile clear-up

Adjust Makefile to account for MASTER_SITE_CRATESIO

Ajust Makefile; update to 0.8.62

   doc: Updated graphics/digikam-gmic-qt to 3.6.0.20260312

   digikam-gmic-qt: update to 3.6.0.20260312.

   Upstream documents their changes badly. About 10 commits since previous version.

   Add some which I have ready to merge

   Added test case for PPPoE keepalive

litehtml: Restore patch which provide .so instead .a libraries

   Make SPPP_KEEPALIVE_INTERVAL configurable for rump_server

   This allows changing the keepalive interval when running inside
   rump_server, which is useful for testing.

py-whichllm: update to 0.5.11.

   doc: Updated graphics/py-pillow_heif to 1.4.0

   py-pillow_heif: update to 1.4.0.

   ## [1.4.0 - 2026-06-10]

   ### Changed

   - `libheif` was updated from the `1.21.2` to `1.23.0` version. #426
   - `libde265` was updated from the `1.0.16` to `1.1.0` version. #426
   - `libx265` was updated from the `4.1` to `4.2` version. #426
   - Minimum required `libheif` version is `1.19.0`. #416

   ### Removed

   - `options.ALLOW_INCORRECT_HEADERS` option. Starting with `libheif` `1.22.0`, libheif itself rejects images whose decoded size does not match the `ispe` header. #426

   ### Fixed

   - `sRGB` NCLX color profile (`BT.709` primaries) is now written by default during encoding when no color information was provided, to avoid color shifts in viewers. #407

   doc: Updated textproc/moor to 2.15.1